Panelica includes a full-featured WordPress manager that lets you install, manage, secure, and update WordPress sites directly from the panel — no SSH or FTP required. This guide covers every feature of the WordPress module.
Go to WordPress in the main navigation. The module has six sub-pages:
- Installations — Dashboard for all your WordPress sites
- Plugins — Install, update, and manage plugins
- Themes — Install, update, and manage themes
- Updates — Unified view of all available updates
- Security — Scanning, hardening, and activity monitoring
- Staging — Create test copies of your production sites
---
The Installations page shows all your WordPress sites in a two-panel layout.
Left Panel — Site List:
- Quick stats: Active / Frozen / Issues count
- Each site shows: domain, site title, WordPress version, status badge
- Status options: Active, Installing, Maintenance, Broken, Updating, Suspended
- Lock icon appears on frozen sites
- "Install WordPress" button at the bottom
Right Panel — Site Details:
Overview Cards (4 columns):
- WordPress version (e.g., "WP 6.4.2")
- PHP version (e.g., "PHP 8.4")
- Security status (Frozen or Unlocked)
- Installation date
Site Information:
- Site Title — Display name
- Site URL — Clickable link to your website
- Admin User — Login username
- Database — Database name used by WordPress
- Install Path — Full filesystem path
- Owner — System user
Quick Actions (6 buttons):
| Action | Description |
|---|---|
| WP Admin | One-click auto-login to WordPress dashboard — no password needed |
| Visit Site | Open the website frontend in a new tab |
| Fix Permissions | Repair file/directory permissions (644/755) with correct ownership |
| Freeze / Unfreeze | Make all WordPress files immutable (read-only). Prevents plugin/theme changes, malware writes, and unauthorized modifications. |
| Change Password | Reset the WordPress admin password. Includes a "Generate Password" button for secure random passwords. |
| Uninstall | Completely remove WordPress (files + database + tracking record) |
---
Click Install WordPress from the Installations page. A 5-step wizard guides you through the process.
Step 1 — Select Installation Target
Choose where to install:
- Existing Domain — Select from your active domains
- Create New Domain — Enter a new domain name (auto-creates the domain)
- Existing Subdomain — Select a parent domain, then pick or create a subdomain
- Import Existing WordPress — Detect and track an already-installed WordPress (doesn't reinstall — just adds it to the panel)
Additional options:
- Install Subpath — Install to a subdirectory (e.g.,
/blog) instead of the domain root - Force Reinstall — If WordPress already exists at the location, overwrite it (with optional backup)
- SSL Provider — Let's Encrypt (default) or Self-signed
- Use HTTPS — Set the site URL to HTTPS (default: checked)
Step 2 — Site Setup
| Field | Description |
|---|---|
| Site Title | The name of your WordPress site (e.g., "My Travel Blog") |
| Language | WordPress locale (default: English) |
| PHP Version | Select from available versions (8.1, 8.2, 8.3, 8.4) |
| Allow Search Engines | Whether to allow Google/Bing to index your site (default: yes) |
Step 3 — Admin Account
| Field | Rules |
|---|---|
| Admin Username | Cannot be "admin" (security). Alphanumeric + underscore only. |
| Admin Password | Minimum 8 characters. Use "Generate strong password" button for maximum security. |
| Admin Email | Valid email address for WordPress notifications |
Step 4 — WordPress Settings
- Table Prefix — Database table prefix (default:
wp_). Change for security (e.g.,xyz_). - Auto-Update Core — Automatically update WordPress core when new versions release (default: off)
Step 5 — Review & Install
Summary of all selections. Click Install WordPress and wait for the progress bar to complete. After installation:
- Site URL (clickable link to your new website)
- Admin URL (link to WordPress dashboard)
- Buttons: "Visit Site" | "Go to Admin" | "View Installation"
---
Go to WordPress > Plugins. Two tabs: Installed and Plugin Store.
Installed Tab:
- Select one or more WordPress sites from the left panel
- Filter by: Search, Status (All/Active/Inactive/Needs Update)
- Stats row: Total, Active, Needs Update, Must-Use
- Table shows: Plugin name, title, version, status badge, update availability
- Per-plugin actions: Activate, Deactivate, Update, Delete
- Bulk actions: Select multiple plugins and activate/deactivate/update/delete in batch
Plugin Store Tab:
- Search the official wordpress.org plugin directory
- Quick-select categories: Security, SEO, Performance, Backup, Contact Forms, E-commerce, Analytics, SMTP
- Each plugin card shows: icon, name, version, rating, active installs, description
- One-click install with optional "Activate after install" toggle
- Pagination with page and per-page controls
Batch Operations: Select multiple sites from the left panel to install a plugin or update all plugins across all your WordPress installations at once.
---
Go to WordPress > Themes. Layout identical to Plugins.
Installed Tab:
- Stats: Total, Active, Needs Update, Parent themes
- Table shows: Theme name, version, status (Active/Inactive/Parent), update available
- Actions: Activate, Update, Delete (cannot delete active theme)
Theme Store Tab:
- Categories: Starter, Blog, Business, Portfolio, E-commerce, Magazine, Multi-purpose, Minimalist
- Each theme card shows a large screenshot preview, name, author, version, rating
- One-click install with "Activate after install" toggle
---
Go to WordPress > Updates. A unified view of all available updates across all your WordPress sites.
Filter by: Search, Type (Core/Plugins/Themes/Translations)
Unified Table:
| Column | Description |
|---|---|
| Type | Badge: Core, Plugin, Theme, or Translation |
| Name | Plugin/theme name or "WordPress Core" |
| Current Version | Currently installed version |
| New Version | Available update version |
| Site | Which WordPress installation needs this update |
| Action | Update button |
Bulk options:
- Update All — Apply all updates for the selected site
- Update Selected — Apply checked updates only
- Batch Update All Sites — Update everything across multiple sites
---
Go to WordPress > Security. Five tabs:
Overview:
- Last scan date/time
- Login attempts in last 7/30 days
- Critical issues found
- Security score percentage
Scanner:
Run a multi-step security scan:
- Core Integrity — Checks if WordPress core files have been modified
- Plugin Integrity — Checks for unauthorized plugin modifications
- Suspicious Files — Detects backdoors and malicious code
- Malware Scan — ClamAV antivirus scan
- PHP in Uploads — Finds PHP files in the uploads directory (security risk)
Results show checkmarks (OK), warnings, or errors for each step. Suspicious files can be deleted directly from the results.
Hardening:
A scored list of security recommendations with one-click fixes:
- Disable user enumeration
- Add security headers
- Disable file editor
- Hide WordPress version
- Disable directory listing
- Disable/protect XML-RPC
Each item shows current status (Secure/Insecure) with a "Fix" button.
Activity:
- Login attempt statistics: total, failed, successful, blocked
- Top attackers table with IP addresses, country flags, attempt counts, and "Block IP" button
- Recent login activity log with filters by date range, event type, and method
Users:
Lists all WordPress users with their roles, email, and registration date.
---
Go to WordPress > Staging. Create a safe copy of your production site for testing changes.
Creating a Staging Site:
- Select a WordPress installation
- Click "Create Staging Environment"
- Panelica clones files, database, and configuration
- Staging site accessible at a separate URL (e.g.,
staging.example.com)
Staging Actions:
| Action | Description |
|---|---|
| Sync from Production | Pull latest production files/database into staging. Options: sync files only, database only, or both. |
| Promote to Production | Push staging changes back to production. Auto-creates backup first. Requires typing "PROMOTE" to confirm. |
| Delete Staging | Removes the staging environment completely |
Status auto-refreshes every 3 seconds during operations (Creating, Syncing, Promoting).
---
Go to WordPress > Backups. Manage backups for all your WordPress installations.
Creating a Backup:
- Select a WordPress site
- Choose type: Full (files + database), Database Only, or Files Only
- Enter a custom name or use the auto-generated one
- Add optional notes
Backup Table: Shows all backups with name, type, status (Completed/Failed/In Progress), site, size, creation date, and duration.
Backup Actions:
- Restore — Restore files, database, or both from a backup. Site is briefly unavailable during restore.
- Download — Download the backup file to your computer
- Details — View full backup metadata
- Delete — Remove the backup permanently
Filters: By site, backup type, status, and search text. Sort by date, name, or size.
---
- Don't use "admin" as your username — It's the first thing attackers try. The installer blocks it.
- Change the table prefix — Instead of default
wp_, use something unique likexyz_. - Run security scans regularly — At least weekly. Check for modified core files and suspicious uploads.
- Keep everything updated — Use the Updates page to apply all updates across all sites at once.
- Use the Freeze feature — After configuring your site, freeze it to prevent unauthorized file changes. Unfreeze when you need to make changes.
- Create backups before major changes — Especially before updating WordPress core, changing themes, or editing critical plugins.
- Use staging for testing — Never test changes on your production site. Create a staging environment, test there, then promote.
- Apply all hardening recommendations — Aim for 100% on the hardening score.
- Monitor login activity — Block IPs with repeated failed login attempts.
---
- First Steps After Setup — Creating your first domain
- Troubleshooting — Common website issues
---
Questions? Ask in General Discussion.
Last edited: